General
-
Target
aed5c7355746817265352226221264d35bf753a44f273912d42629019b7c4b8f
-
Size
381KB
-
Sample
230129-mk5v6ach5w
-
MD5
0957d5d8d21751f2fd1ad2015b19abe0
-
SHA1
c098ddc18a8a0dade35436f968eb43c1f4c9253c
-
SHA256
aed5c7355746817265352226221264d35bf753a44f273912d42629019b7c4b8f
-
SHA512
a7cbde567cd869828c757bd32a6571c401782bbdc54b76c1faa9e9b2509187b81dd85a0db641fa182c04edb598be75009ed02e9f0f196942d9662a8b1ed3e0b6
-
SSDEEP
6144:3rK18vkksg2P4vWigPJJJPJJJGJJA/+aU4Kau:3rMlM2QvgPJJJPJJJGJJpF
Malware Config
Targets
-
-
Target
aed5c7355746817265352226221264d35bf753a44f273912d42629019b7c4b8f
-
Size
381KB
-
MD5
0957d5d8d21751f2fd1ad2015b19abe0
-
SHA1
c098ddc18a8a0dade35436f968eb43c1f4c9253c
-
SHA256
aed5c7355746817265352226221264d35bf753a44f273912d42629019b7c4b8f
-
SHA512
a7cbde567cd869828c757bd32a6571c401782bbdc54b76c1faa9e9b2509187b81dd85a0db641fa182c04edb598be75009ed02e9f0f196942d9662a8b1ed3e0b6
-
SSDEEP
6144:3rK18vkksg2P4vWigPJJJPJJJGJJA/+aU4Kau:3rMlM2QvgPJJJPJJJGJJpF
Score10/10-
Modifies WinLogon for persistence
-
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
-
UAC bypass
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-